peburrows / goth

Elixir package for Oauth authentication via Google Cloud APIs
http://hexdocs.pm/goth
MIT License
289 stars 111 forks

Self-signed JWT claim overrides #105

Closed paveltyk closed 2 years ago

paveltyk commented 3 years ago

This PR allows overriding self-signed JWT claims, which in turn makes it easier to follow different token exchange scenarios:

Cloud function invocation token (read more)

iex> credentials = "credentials.json" |> File.read!() |> Jason.decode!()
...> claims = %{"target_audience" => "https://<GCP_REGION>-<PROJECT_ID>.cloudfunctions.net/<CLOUD_FUNCTION_NAME>"}
...> Goth.Token.fetch(%{source: {:service_account, credentials, [claims: claims]}})
{:ok, %Goth.Token{...}}

Impersonating account

iex> credentials = "credentials.json" |> File.read!() |> Jason.decode!()
...> claims = %{"sub" => "<IMPERSONATED_ACCOUNT_EMAIL>"}
...> Goth.Token.fetch(%{source: {:service_account, credentials, [claims: claims]}})
{:ok, %Goth.Token{...}}
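
Added example, not part of the original PR or of Goth's code: because an override such as `sub` changes whose identity the resulting token carries, a wrapper in front of the token fetch can restrict which claims a caller may set before the JWT is signed. `ClaimPolicy`, its functions, the allowlist and the sample values are assumptions made for illustration; the default claim set follows Google's documented service-account JWT format.

```elixir
# Added illustration: ClaimPolicy is a hypothetical module, not part of Goth.
defmodule ClaimPolicy do
  @token_uri "https://oauth2.googleapis.com/token"
  # Assumed policy: only these claims may be supplied by the caller.
  @overridable ["sub", "target_audience"]

  # Claim set of a self-signed service-account JWT before any override.
  def defaults(%{"client_email" => email}, scope, now) do
    %{
      "iss" => email,
      "aud" => @token_uri,
      "scope" => scope,
      "iat" => now,
      "exp" => now + 3600
    }
  end

  # Merge overrides into the defaults. Keys outside the allowlist are rejected,
  # and a "sub" override must name an account approved for impersonation.
  def build(credentials, scope, overrides, opts \\ []) do
    now = Keyword.get(opts, :now, System.os_time(:second))
    allowed_subjects = Keyword.get(opts, :allowed_subjects, [])
    rejected = Map.keys(overrides) -- @overridable
    sub = overrides["sub"]

    cond do
      rejected != [] -> {:error, {:claims_not_overridable, rejected}}
      sub != nil and sub not in allowed_subjects -> {:error, {:subject_not_allowed, sub}}
      true -> {:ok, Map.merge(defaults(credentials, scope, now), overrides)}
    end
  end
end

# Constructed sample input (not real credentials).
creds = %{"client_email" => "svc@example-project.iam.gserviceaccount.com"}
scope = "https://www.googleapis.com/auth/cloud-platform"
opts = [now: 1_700_000_000, allowed_subjects: ["alice@example.com"]]

# Approved impersonation target: claims are merged.
IO.inspect(ClaimPolicy.build(creds, scope, %{"sub" => "alice@example.com"}, opts))
# Subject outside the approved list: rejected before anything is signed.
IO.inspect(ClaimPolicy.build(creds, scope, %{"sub" => "mallory@example.com"}, opts))
# Attempt to redirect the assertion to another audience: rejected.
IO.inspect(ClaimPolicy.build(creds, scope, %{"aud" => "https://example.invalid/token"}, opts))
```

The `{:ok, claims}` result is what would be handed on as the `claims:` option shown above; the error tuples give a point at which to log refused override attempts.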

paveltyk commented 3 years ago

@wojtekmach Hi. Can you please give an ETA for this PR?

wojtekmach commented 2 years ago

Thank you, sorry for the delay!